Free, Secure, Remote Hubitat Dashboard Access via VPN

For those with a decent router (eg Synology RT2600ac and other high-end Routers ), you can set up a VPN Portal and put your Dashboard behind that. Eg:

On the Synology Routers, this is done via the "VPN Plus Server" App, and "Web Portals":

https://kb.synology.com/en-us/SRM/help/VPNPlusServer/vpnplus_server_webvpn?version=

Synology Router Prerequisite - You must have a Synology DDNS hostname and SSL Certificate setup for this to work. The SSL cert is free via LetsEncrypt - instructions below:

https://kb.synology.com/en-au/SRM/tutorial/How_to_set_up_Synology_SSL_VPN_and_WebVPN_using_Synology_DDNS_service

PS, I'm not trying to take money away from Hubitat, just showing that many of us will already have a Free, Secure, Remote Access solution already.

5 Likes

I have this router and have setup Webvpn but for some reason it does not connect to hubitat internal IP. What browser do you use? I have tried chrome and edge, I get a warning that the connection is unsafe but click proceed but then it hangs.

Ah, I know what is causing that, I’ll update the instructions above with more detail today.

Short version, you need to enable Synolgy dynamic DNS, then use the option to use an SSL certificate from letsencrypt.

1 Like

Did all of those steps but may have missed something

If you go into the Network centre App and the "QuickConnect & DDNS" tab, does yours looks like this?

In the VPN Plus App, You can validate your DDNS and Cert are correct via the following "Domain Settings" Tab.

Screen Shot 2021-10-09 at 1.48.27 pm

If you click "edit", you can double check your config:

Then in the "SSL VPN" tab it should look like this:

Then for the WebVPN Portal, I set up 3 entries, 1 each for admin access to my hubs, and one using the Hubitat "cloud" URL to access the Dashboards. You'll need to use a URL like "rooms" or the welcome page as you cant link directly to the dashboards page as it won't work.

1 Like

Thanks for the great screenshots. Everything is set up correctly and the same as your setup. Still hangs when trying to connect to a portal. Do you have any ports open for webvpn or let's encrypt?

This is where it hangs

1 Like

No worries.

Ah good point, I have only 1 port open on my router, 443 for VPN. I’ll post a screen capture after I’ve made breakfast for the family.

1 Like

Ok, so I have no port forwarding etc enabled at all, even UPnP is off. What I do have is a single firewall rule allowing VPN - in the Network Centre App and "Firewall" Tab:

Screen Shot 2021-10-10 at 10.08.41 am

And I have it restricted to Australian IP ranges - If I ever get to go OS again, I'll add those countries before leaving home:
Screen Shot 2021-10-10 at 10.09.00 am

I dont even have the services enabled to go through the FW under that tab (specific FW rules are better):

PS, check the main security settings too:

1 Like

Thanks for taking the time. All my settings in the firewall are the same as yours except of course the region.

I can connect to the web vpn UI no problem just can't get to the hubitat.

Not sure what's going on

1 Like

How odd, can you post your WebVPN config for the Hubitat?

Sure, it's the same as yours. At first I just had the ip but noticed yours was a little different so thought I'd try.

Edit, I hadn’t Tried it since installing the latest Hubitat hotfix. Mines not working now either.

1 Like

Looks like we’ll need to use this on Hubitat to fix it:

1 Like

I'm kind of a dummy when it comes to networking let me know when you figure it out😊

1 Like

I’m not an expert either, but I’ll let you know if I get it working.

1 Like

On my phone I use the VPN plus app and once I connect to that I can access anything on my Lan. I just wanted the webvpn working to use from my work PC

1 Like

They've definitely broken this in .129 and I cant get around it for now. I've flagged it with Hubitat.

1 Like
2 Likes

Didn't solve it for me but it could be on my end as I've never had it working

Always a good idea to look at what you have and see if you can gain additional functionality from it. :slight_smile:

If you have an RPI there are any number of VPNs you can run...my favorite being Wireguard. Super fast, very secure, and has been completely reliable for me. I'm running it on my router, but there are guides available for setting up Wireguard (and other VPNs) on RPIs.

3 Likes